So, my question is whether in the external firewall (ISA) I should be pointing to the Edge Server or to the internal firewall when publishing OWA, ActiveSync, and Outlook Anywhere.

( The SAN Certificate (Autodiscover.domain.com, mail.domain.com) are already placed in both of the firewalls and in the Edge Server, along with the Certificate Root, because none of these three servers are domain-joined. )

Should I create the OWA publishing rule in both firewalls?. I don’t find any articles out there with this scenario. There are many explaining how to do it with an Edge behind an ISA Server, but only one ISA Server.